Cryptomining attack on an AI gateway reveals a much bigger cloud security problem

Hackers broke into an Amazon cloud server acting as a doorway to AI services, planted mining software, and probed for wider access. The real worry is how much power these AI gateways hold.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial style, 16:9 framing, edge-to-edge composition
Share

Key points

  • Researchers at cybersecurity firm Darktrace found attackers had broken into an Amazon Web Services cloud server running LiteLLM, a piece of software that acts as a shared gateway to AI models, and installed XMRig, a program that secretly uses a victim's computing power to mine cryptocurrency.
  • The compromised server carried an IAM role, meaning an identity-and-permissions badge that grants access to cloud resources, capable of reaching Amazon Bedrock, AWS's service for running large AI models.
  • A separate suspicious identity, traced to an IP address in Vietnam, attempted to list and call Amazon Bedrock AI models and tried to create a new cloud user account the day after the mining malware appeared.
  • Security experts say the cryptomining payload is almost beside the point: AI gateways bundle together credentials, permissions, and model access in one place, making them a high-value target even for attackers using old, simple techniques.
  • Darktrace's managed detection team caught the activity and alerted the customer in time to contain it.

The attack itself was not sophisticated. Criminals found a cloud server with its SSH port open to the public internet. SSH, which stands for Secure Shell, is a remote-access protocol that lets administrators log in to a server from anywhere. Leaving that door open is an old mistake. The attackers hammered it with thousands of login attempts from a single external address, a technique called brute-forcing, until something gave way.

Once inside, they downloaded a ZIP file containing XMRig, a well-known cryptomining program that hijacks a server's processing power to earn cryptocurrency for the attacker. The server then began making repeated connections to a mining pool, a group of computers working together to earn crypto rewards.

Why does it matter if it was just a cryptominer?

The server was not just any cloud machine. It was running LiteLLM, software that acts as a single shared entry point through which a company's applications talk to large AI models. Because it needs to speak to all those models on behalf of the company, it holds the keys to a wide set of cloud permissions. Breaking into it is a bit like stealing the master key to a hotel rather than a key to one room.

Sean Malone, chief information security officer at identity-security company BeyondTrust, noted to CSO Online that the pattern is nothing new. Researchers have tracked the same sequence, open SSH port, brute-force login, XMRig miner, since at least 2018. The AI twist, using stolen credentials to probe AI model services, even has a name coined in 2024: LLMjacking.

Still, Malone agreed the concentrated power of AI gateways raises the stakes. A routine break-in lands the attacker on a system that controls AI operations for the whole organisation.

Darktrace also flagged suspicious account activity spotted separately: API calls from Vietnam, attempts to list and invoke AI models, and an effort to create a fresh cloud user account with a randomly generated name. Creating hidden user accounts is a classic way attackers try to keep a foothold after initial credentials are changed.

Practical steps organisations can take: close public SSH access and use private, authenticated tunnels instead; limit cloud identity permissions to only what each system genuinely needs; watch for unusual calls to AI model services; and treat any new cloud user account that nobody recognises as an immediate alert.

If you use AI-powered tools through your employer, this incident does not put your personal data at direct risk. But it is a reminder that the infrastructure behind those tools needs the same basic hygiene as any other system.

© 2026 Threat Vectr